Top 15 Security Predictions for 2015

As top security companies, magazines and bloggers came out with their predictions for 2015, one simple message emerged: more of the same – only worse. Since 2014 brought us twice the cyber danger of 2013, you may want to adjust your cyber safety belt.

14) Forbes: Forbes writer Jim Blasingame usually writes about business - not tech. He reports, “The Sony hack and subsequent corporate cyber-terror threat by North Korea will for the first time in history manifest in cyber-security practices of corporate America being elevated to de facto national security concerns.”

(Some of the other notable predictions include write-ups from eWeek, Infosec Institute, Microsoft, Gartner, TheVarGuy, Forrester, Varonis and Threatstream. However, their cyber trends look very similar to most of the others mentioned for 2015 - announcing that mobile malware, IoT and more data breaches are coming.) John Fontana at Yubico.com boldly predicts a 10x increase in phishing attacks in the enterprise.

Security Prediction Accolades:

And the category winners are…

Most Surprisingly Upbeat: Sophos – Leading with: Exploit mitigations reduce the number of useful vulnerabilities.

Most Overlooked: Privacy and regulation trends – “The patchwork nature of regulation around the world is likely to become an increasing burden on organizations in 2015.” CIO Magazine

Most Geopolitical: Forbes writer Jim Blasingame – “Cyber-security practices of corporate America being elevated to de facto national security concerns.”

Most Likely: More major data breaches will hit the headlines. eWeek offered ten breach predictions.

Most Professionally Relevant for Cyber Pros: Network World – “Demand will exceed supply for cybersecurity professionals leading to salary inflation. CISOs who can’t hire the right talent will have no choice but to look for help from MSSPs and security SaaS vendors. As a result, 2015 will be another boom year for all types of security service providers on all types.”

Needing Most New Office Attention: FireEye – “When something does go wrong and a cyberattack is successful, response plans are also expected to fail more often, with harsher consequences. FireEye believes that a lack of adequate response could result in a major brand going out of business in 2015.”

Least Likely: Privacy will be more important than security. Kevin Jackson, the CEO of the GovCloud Network. I agree with him, but not in 2015 (or 2016).

Most Scary: Trend Micro, “Targeted attacks will become as prevalent as cybercrime.” Will the public become numb to 'smaller' cyber attacks?

Most Specifically Bold: Yubico.com, "10x increase in phishing attacks in the enterprise..."

Most Creative: Are you ready for “malvertising?” McAfee Labs and Wired Magazine say that mobile malware will come from untrusted app stores and is the latest “sweet spot” for bad actors.

Most Hopeful (Perhaps a bit naïve?): Symantec – Machine learning will be a game-changer in the fight against cybercrime. Really? In 2015?

What’s Missing?

Not much talk of the grid going down or a major life-changing breach. Also, minimal mention of robots, 3D-printers or other big tech trends for 2015. Or, how about hacking of drones? When will black-hat hackers tackle artificial intelligence, augmented reality, virtual worlds or biomedical advances?

How much worse will things get? Will the cyber metrics of danger double again? What big surprises are likely, or possible?

Yes, there are new online twists mentioned. Malware is changing. Mobile payments, the Cloud and IoT are evolving – with growing, modified cyberattacks coming. Many companies now offer impressive infographics of security trends. Wearables will be huge, so get ready for WYOD or BYOW security issues.

But this blogger gets the sense that cyber companies and experts are gathering personnel and supplies for a long journey that will last many years.

It may sound a bit too much like Star Wars, but could there be a cyber drone war coming, or other new technology turned against society, sometime in the next few years?

Predicting upcoming events has become almost as common as making New Year’s resolutions. Whether they help or hurt, or become self-fulfilling prophecies, is debatable.

On the positive side, perhaps we can look at this list and make personal and corporate resolutions to fix things. However, some experts insist that resolutions are bad for us and predictions are largely a waste of time – because we are bad at predicting the future.

Last year, I got most of my predictions correct on government technology. But like other cybersecurity leaders, I also missed a few. One important development that will get new attention in January: The US Congress passed new cyberdefense legislation – finally.

This year, I am simply focusing on other security prediction lists.

Examples Please

For those who want more practical examples of these cyber threats, here are two CNNMoney videos. The first shows how drones can be used to hack phone calls.

Here’s one example related to the Internet of Things (IoT). Smart home vulnerabilities, in devices like thermostats, are being exploited. Symantec and others say this will dramatically increase in 2015.

One thing became clear as I read predictions from around the world. Regardless of what security or technology company or blogger you follow, the technology experts agree that the bad guys are still ahead of the good guys - and getting better.

As Shawn Henry from CrowdStrike said a few years ago when he led the FBI cybercrime unit, most enterprises are outgunned in the hacker war. I think we are still outgunned in cyber.

We can expect more sophisticated data breaches, targeted cyberattacks and personal online surprises in 2015. And yet, we need to keep a positive view of security as an enabler of innovation, or we will lose enterprise support.

While we have a long road ahead to improve information security, there is also new hope for the future as we celebrate another New Year’s Eve.
